Design

KISS. Use as few components as possible, and don't overcomplicate the configuration. For example, don't use Maildrop if Dovecot already has an MDA/LDA. Don't use the high-performance sdbox format if Maildir is well supported and tested.

Overview

MTA: Exim

MDA/LDA: Dovecot LDA

MSS: Dovecot

MUA: Roundcube

lists: Mailman

storage format: Maildir

storage redundancy: Tahoe-LAFS

storage backup: duplicity to NFS share, duplicity to VTLUUG, etc.

user directory: LDAP

user authentication: Kerberos

Mail transfer

Set up two MTA servers (at most one in the lounge), each with its own MDA and MSS.

Mail delivery

MDA shall deliver to a Maildir located under a mounted Tahoe-LAFS share.

Online storage

Make the MDA store the Maildir under the mounted directory (via clustered fs) on the mail server so it can be accessed from multiple different MSSs and MUAs.

If using Tahoe-LAFS, set up "dumb" storage servers at the mail site and the lounge. Configure additional storage servers wherever possible (e.g. members can volunteer their server). Tahoe-LAFS storage servers contain only encrypted data, so it doesn't matter who volunteers their space. Only the Tahoe-LAFS gateways (MSS and MUA servers) can decrypt the mails and securely hand them to authenticated/authorized users.

If using GlusterFS, set up gluster volumes at each site in a replicating configuration. Each site should also mount the gluster filesystem.

Offline storage

Occasionally copy the Maildir directory out of the Tahoe-LAFS share, since we don't actually trust Tahoe-LAFS. We respect people's privacy, so don't just rsync it out to a third party. The easiest solution would be to use Duplicity to automatically perform encrypted, incremental backups to the third party.
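
One way to script the Duplicity step described above, as an added example that is not part of the original page. The mount point, the one-Maildir-per-user layout directly under it, the GPG key ID and the target URL are all assumptions; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: encrypted, incremental Duplicity backup of the Maildir tree.
# Every path, key ID and URL below is a placeholder (assumption), not site config.

MAIL_ROOT="${MAIL_ROOT:-/srv/mail}"   # assumed mount point of the Tahoe-LAFS share
GPG_KEY="${GPG_KEY:-}"                # ID of the backup public key; must be set
TARGET="${TARGET:-sftp://backup@backup.example.org/mail}"  # placeholder third party

# Succeeds only if $1 holds at least one directory with cur/, new/ and tmp/,
# i.e. a real Maildir. An unmounted share looks like an empty directory, and
# the next incremental would be taken from that empty tree.
has_maildir() {
    for d in "$1"/*/; do
        [ -d "${d}cur" ] && [ -d "${d}new" ] && [ -d "${d}tmp" ] && return 0
    done
    return 1
}

# Refuse to run when the backup would be unencrypted or the source is missing.
preflight() {
    if [ -z "$GPG_KEY" ]; then
        echo "GPG_KEY not set: refusing to send mail to a third party" >&2
        return 1
    fi
    if ! has_maildir "$MAIL_ROOT"; then
        echo "no Maildir under $MAIL_ROOT: is the share mounted?" >&2
        return 1
    fi
    return 0
}

run_backup() {
    preflight || return 1
    # --encrypt-key: public-key encryption, so the remote side stores only
    # ciphertext. --full-if-older-than: start a new full chain once a month
    # so a restore never depends on an unbounded run of incrementals.
    duplicity --encrypt-key "$GPG_KEY" --full-if-older-than 1M \
        "$MAIL_ROOT" "$TARGET"
}

# Only act when asked to, so the file can also be sourced from cron wrappers.
if [ "${1:-}" = "--run" ]; then
    run_backup
fi
```

Restores need the private half of the backup key, so keep a copy of it somewhere other than the mail servers.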